sharepoint 2010 user profile synchronization failing event id 6050

Profile import from AD fails. We are able to successfully create Synchronization Connection, but when trying to run Full or Incremental Profile Synchronization, you are greeted with errors in Application Event Log such as this:

this error occurs when the Service Account you used to run the Forefront Identity Manager Synchronization Service(FIMSynchronizationService) doesn’t has the Active Directory Secuiry Rights for “ Replicating Directory Changes”.

Resolution:

1.Open the Active Directory Users and Computers snap-in
2.On the View menu, click Advanced Features.
3.Right-click the domain object, such as “company.com”, and then click Properties.
4.On the Security tab, if the desired user account is not listed, click Add; if the desired user account is listed, proceed to step 7.
5.In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
6.Click OK to return to the Properties dialog box.
7.Click the desired user account.
8.Click to select the Replicating Directory Changes check box from the list.
9.Click Apply, and then click OK.
10.Close the snap-in.
NOTE: Group “Domain Admins” already has the above right however if you are still seeing this issue add the service account explicitly to the AD Security